Hi all, I met a issue in real experiments. I appreciate if you have any idea about this. Assume that there is a machine with static IP (129.10.xxx.xxx) installed by Xen Hypervisor and in that there is a VM created by Xen with the local NAT network configuration (IP: 192.168.122.xxx, Bcast: 192.168.122.255). I try to implement remote access VM and data transfer by SSH authorization without password. It works well when I generate SSH key pair in VM and then remote access any other 129.10.xx.xx machines without password. But for generating SSH key pair in 129.10.xx.xx machines and then remote access VMs, it always prompt interactive request to enter VM''s password. (when I want to ssh from Dom0 with 129.10.xx.xx to one of its VMs) I try to implement the overall monitor from a remote machine with static IP by SSH all the VMs in Xen servers. Thanks in advance Best, Jianzhe _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
Alexandre Kouznetsov
2012-May-08 17:36 UTC
Re: ssh from Dom0 to DomU by SSH authorization without password
Hello. El 08/05/12 10:19, Jerry escribió:> But for generating SSH key pair in 129.10.xx.xx machines and then remote > access VMs, it always prompt interactive request to enter VM''s password. > (when I want to ssh from Dom0 with 129.10.xx.xx to one of its VMs)Did you copy the content of 129.10.xx.xx:~/.ssh/id_rsa.pub into 192.168.122.xxx:~/.ssh/authorized_keys ? Are the permissions of 129.10.xx.xx:~/.ssh/id_rsa set to 0600? Try "ssh -v", it''s feedback can give a clue why it insists on interactive authentication.> I try to implement the overall monitor from a remote machine with static > IP by SSH all the VMs in Xen servers.Perfectly suitable use. -- Alexandre Kouznetsov
Jerry
2012-May-08 19:16 UTC
Re: ssh from Dom0 to DomU by SSH authorization without password
Hi Alexandre, Thanks a lot for your help. I set all details as you noted. I just found the reason. Once I changed the file name of "id_rsa" in physical machine, the ssh authorization to VMs failed. But ssh authorization works well between physical machines even the file name of id_rsa is changed. Do you know the reason? Thanks in advance. Best regards, Jianzhe ________________________________ From: Alexandre Kouznetsov <alk@ondore.com> To: xen-users@lists.xen.org Sent: Tuesday, May 8, 2012 1:36 PM Subject: Re: [Xen-users] ssh from Dom0 to DomU by SSH authorization without password Hello. El 08/05/12 10:19, Jerry escribió:> But for generating SSH key pair in 129.10.xx.xx machines and then remote > access VMs, it always prompt interactive request to enter VM''s password. > (when I want to ssh from Dom0 with 129.10.xx.xx to one of its VMs)Did you copy the content of 129.10.xx.xx:~/.ssh/id_rsa.pub into 192.168.122.xxx:~/.ssh/authorized_keys ? Are the permissions of 129.10.xx.xx:~/.ssh/id_rsa set to 0600? Try "ssh -v", it''s feedback can give a clue why it insists on interactive authentication.> I try to implement the overall monitor from a remote machine with static > IP by SSH all the VMs in Xen servers.Perfectly suitable use. -- Alexandre Kouznetsov _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
Alexandre Kouznetsov
2012-May-08 19:30 UTC
Re: ssh from Dom0 to DomU by SSH authorization without password
El 08/05/12 14:16, Jerry escribió:> Once I changed the file name of "id_rsa" in physical machine, the ssh > authorization to VMs failed.id_rsa file is read by ssh client. If you change the default name, ssh client will just ignore it, unless you specify the new name in the command line.> But ssh authorization works well between physical machines even the file > name of id_rsa is changed.Maybe you are changing it on a wrong host? "id_rsa" and "id_rsa.pub" are relevant on the client side, where you run the ssh command, "authorized_keys" is relevant on the server side, the host you are connecting to.> Do you know the reason?Beside being a clear offtopic, it''s hard to tell. Increase the verbosity level of your ssh client, compare the output. Please consider "-i" and "-v" descriptions of "man ssh". (don''t CC me, I read the list) -- Alexandre Kouznetsov